Unrated severityNVD Advisory· Published Mar 15, 2006· Updated Apr 16, 2026

CVE-2006-1243

Description

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.

Affected products

Alexander Palmo/Simple Php Blog5 versions
cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:alexander_palmo:simple_php_blog:*:*:*:*:*:*:*:*range: <=0.4.7.1
- cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:alexander_palmo:simple_php_blog:0.4.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000